Support in setting up a Shibboleth SP
Dave.Perry at hull-college.ac.uk
Fri Aug 14 04:48:04 EDT 2015
The first step is to get the Shibboleth SP installed, configured and tested to work for your institution's user - presumably your own institution's IdP (read login server) administrators can help with the testing logins bit.
Get a list of 'required' attributes together for the other institution users too - e.g, our own IdP releases a unique ID (hashed from the username) and affiliation information (Staff or Student)
Once it works in house, you should probably get the SP published in the UK Federation metadata (UKF may chime on this point due it being 'just' 6 other universities you need to allow access to).
If it's registered in the federation, the other universities' IdPs will get the 'how to talk to your application' information/signature stuff easily as part of a process they're doing automatically anyway.
You'll then need to go back to the SP configuration, and change it to allow the institutions you're working with's login servers to talk to your SP. And, if applicable, make sure it's only letting the right people through.
NOTE - I have no experience of this bit, so someone else will need to chime in the finer points.
Or you could just allow all IdPs to login to your app, and do some filtering within the webapp - but I don't know how practical that is, for your app.
eLearning Technologist, Hull College Group
Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* Need a fast reply? Try elearning at hull-college.ac.uk<mailto:elearning at hull-college.ac.uk> *
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Tony Wheatman
Sent: 13 August 2015 14:45
To: users at shibboleth.net
Subject: Support in setting up a Shibboleth SP
Sorry for just dropping this e-mail upon you but I hope you can help with a Shibboleth SP implementation we are undertaking at the University of Nottingham (United Kingdom).
I am the project manager and we are undertaking a project around a Confluence Workspace site that hosts something called the Virtual Postgraduate Platform.
The VPP is used by a consortia of 6 universities and currently the user experience is poor due to an authentication method which means associate accounts being set up for each user so that they have access to the site hosted at UoN from the other institutions. Resulting in several accounts for each user, which is far from ideal.
We have been in negotiation around making this a shibbolized (I hope that is the correct terminology !) solution, allowing single sign on based on the sharing of attributes from each University and the setup of the UoN as a Service Provider.
We have now opted for this as a solution, but we are struggling with resource at the moment and the deadline of the 21st September, could be at risk. I am therefore reaching out to you for support and to understand what support is out there, what the availability is like and what if any, the cost would be.
I have spoken to Alex at the UKFederation, who has suggested that this may be a good forum to seek assistance.
What I'm looking for is;
- General guidance on how to do this
- A list of tasks that need to be completed
- Associated timescales
- Potential 3rd party resources to draft in the expertise
If you can help on any aspect of this I would appreciate it greatly I'm looking at every way possible at the moment to ensure successful delivery as we believe that we do not have the necessary skills in house.
Senior Project Manager
The University of Nottingham
Kings Meadow Campus
t: +44 (0) 115 84 68613
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
This message is sent in confidence for the addressee
only. It may contain confidential or sensitive
information. The contents are not to be disclosed
to anyone other than the addressee. Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission. Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College. Nothing in this
message should be construed as creating a contract.
Hull College Group owns the email infrastructure, including the contents.
Hull College Group is committed to sustainability, please reflect before printing this email.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users